Problem Statement: I want to give users permission to run an EC2 instance with Tags only, but I can't restrict the user to not running more than one EC2 instance at a time.

Hello Community,

Would it be possible to delete all old EC2 instances, if the user launches a new EC2 box? or restrict the user to not running more than one instance (the second point is not a feasible solution).

I want to give users AWS GUI and CLI access to perform the task.

Can someone suggest some solution to this problem?

Thanks in Advance.

CodePudding user response：

I want to give users permission to run an EC2 instance with Tags only

For this you can craft IAM policy as exemplified in AWS docs:

• How can I use IAM policy tags to restrict how an EC2 instance or EBS volume can be created?

Would it be possible to delete all old EC2 instances, if the user launches a new EC2 box?

This requires a custom solution. For example, you can setup AWS CloudTrial trial that triggers a lambda function (through a AWS EventBridge) on ec2.RunInstances API call. The lambda function would check the ownership of the instance to be launched, how many a given user have them at present, and terminate pre-existing ones.